Background
Testing a software application is always a tough job and time-consuming. To successfully identify bugs in your package we need to consider the following:
- Randomized Inputs.
- Code Coverage
- Learned Inputs
We should be able to pass both valid and invalid inputs to test the package. The inputs that are generated should be able to test every line of the code efficiently. The most important thing we need to consider while testing an application is to make sure that we don’t pass the same inputs again and again instead we should be able to learn from the previous inputs and try to uncover bugs if there are any.
DeepState is one such tool that supports all the three features and helps us test the packages. The inputs generated by the DeepState_* function are random and covers most of the code. It generates tuned inputs to discover more bugs in the package.
As a part of the RcppDeepState, We are testing the Rcpp packages with the help of a deepstate testing framework. The RcppDeepState helps us find the subtle bugs in the packages.
CRAN checks on Rcpp Packages
As discussed earlier RcppDeepState uses a combination of deepstate and Valgrind to reveal the subtle bugs in the code.DeepState is for generating the learned inputs and Valgrind to test the code using those inputs. An interesting thing about RcppDeepState is that it’s able to detect the bugs in few Rcpp packages where CRAN failed to detect.
CRAN tests its packages against the different kinds of checks. Those check include valgrind, clang-ASAN, clang-UBSAN, gcc-ASAN, gcc-UBSAN, clang11, gcc10, noLD, ATLAS, MKL, OpenBLAS, LTO, noOMP, donttest, rchk, rcnst. The CRAN check page provides more detailed explaination of these tools.
Issues in the packages are mostly identified by Address sanitizers, undefined behavior sanitizer, and Valgrind. The below data table lists the most frequent tools and count of packages that tools identified the errors in:
1
2
3
4
5
6
7
8
> type.dt[, .(pkgs=.N), by=type][order(pkgs)]
type pkgs
1: clang-ASAN 1
2: gcc-ASAN 1
3: gcc-UBSAN 12
4: valgrind 18
5: clang-UBSAN 26
We downloaded CRAN check pages for all the Rcpp packages and tried to identify the packages with bugs in them.
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
> unique(type.dt$pkg)
[1] "AGread" "bigmemory" "BuyseTest"
[4] "cld2" "cld3" "compboost"
[7] "dggridR" "DStree" "fastAdaboost"
[10] "FLSSS" "FRegSigCom" "glamlasso"
[13] "glmmsr" "GMKMcharlie" "GreedySBTM"
[16] "iptools" "isotree" "kernelboot"
[19] "later" "lda.svi" "milr"
[22] "mined" "mixggm" "OneArmPhaseTwoStudy"
[25] "pdftools" "PP" "PRIMME"
[28] "protolite" "pts2polys" "r2sundials"
[31] "RcppDE" "Rdimtools" "Rdtq"
[34] "RMKL" "rTRNG" "sboost"
[37] "Scalelink" "scPDSI" "scrypt"
[40] "TDA" "tesseract" "TreeLS"
[43] "volesti"
RcppDeepState checks on Rcpp Packages
RcppDeepState detected bugs in few Rcpp packages which CRAN failed to detect. The RcppDeepState list gives the list of packages that RcppDeepState detected the errors in using Limited fuzz testing.
Found errors in following packages(so far) using RcppDeepState
1
2
3
4
5
6
> rcppdeepstate_list
[1] "abcADM" "accelerometry" "adeba" "AGread"
[5] "alphabetr" "ambient" "amt" "anytime"
[9] "aphid" "aricode" "autothresholdr" "backbone"
[13] "BalancedSampling" "BAMBI"
The Complete package list has the packages and corresponding function specific testharness files that have issues in them.
adeba : RcppDeepState detected a Conditional jump or move depends on uninitialised value in get_bandwidths() in adeba.cpp
1
2
3
4
5
6
7
8
9
10
==10696== Conditional jump or move depends on uninitialised value(s)
==10696== at 0x5AFA396: __ieee754_pow_fma (e_pow.c:90)
==10696== by 0x5A80B13: pow (w_pow_compat.c:30)
==10696== by 0x41FA9F: get_bandwidths(Rcpp::Vector<14, Rcpp::PreserveStorage>, Rcpp::Vector<14, Rcpp::PreserveStorage>, Rcpp::Vector<14, Rcpp::PreserveStorage>) (adeba.cpp:55)
==10696== by 0x408BA0: DeepState_Test_adeba_deepstate_test_get_bandwidths_test() (get_bandwidths_DeepState_TestHarness.cpp:28)
==10696== by 0x408858: DeepState_Run_adeba_deepstate_test_get_bandwidths_test() (get_bandwidths_DeepState_TestHarness.cpp:7)
==10696== by 0x406103: DeepState_RunTest.isra.6 (in /home/akhila/Documents/compileAttributescheck/adeba/inst/testfiles/get_bandwidths/get_bandwidths_DeepState_TestHarness)
==10696== by 0x4138FA: DeepState_FuzzOneTestCase (in /home/akhila/Documents/compileAttributescheck/adeba/inst/testfiles/get_bandwidths/get_bandwidths_DeepState_TestHarness)
==10696== by 0x413A0F: DeepState_Fuzz (in /home/akhila/Documents/compileAttributescheck/adeba/inst/testfiles/get_bandwidths/get_bandwidths_DeepState_TestHarness)
==10696== by 0x406C4D: main (in /home/akhila/Documents/compileAttributescheck/adeba/inst/testfiles/get_bandwidths/get_bandwidths_DeepState_TestHarness)
Here the Conditional jump or move depends on the uninitialized value(s)
means that the execution of the program is altered due to the uninitialized value and Valgrind provides the trace to track the origin of the uninitialized values.
AGread : RcppDeepState detected an Invalid read of size 4 in get_VM_C() function in the package. The error is shown below:
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
==10904== Invalid read of size 8
==10904== at 0x42BD92: get_VM_C(Rcpp::Vector<14, Rcpp::PreserveStorage>, Rcpp::Vector<14, Rcpp::PreserveStorage>, Rcpp::Vector<14, Rcpp::PreserveStorage>) (get_VM_C.cpp:22)
==10904== by 0x40A690: DeepState_Test_AGread_deepstate_test_get_VM_C_test() (get_VM_C_DeepState_TestHarness.cpp:28)
==10904== by 0x40A348: DeepState_Run_AGread_deepstate_test_get_VM_C_test() (get_VM_C_DeepState_TestHarness.cpp:7)
==10904== by 0x406CD3: DeepState_RunTest.isra.6 (in /home/akhila/Documents/compileAttributescheck/AGread/inst/testfiles/get_VM_C/get_VM_C_DeepState_TestHarness)
==10904== by 0x4153EA: DeepState_FuzzOneTestCase (in /home/akhila/Documents/compileAttributescheck/AGread/inst/testfiles/get_VM_C/get_VM_C_DeepState_TestHarness)
==10904== by 0x4154FF: DeepState_Fuzz (in /home/akhila/Documents/compileAttributescheck/AGread/inst/testfiles/get_VM_C/get_VM_C_DeepState_TestHarness)
==10904== by 0x40781D: main (in /home/akhila/Documents/compileAttributescheck/AGread/inst/testfiles/get_VM_C/get_VM_C_DeepState_TestHarness)
==10904== Address 0xba09720 is 0 bytes after a block of size 624 alloc'd
==10904== at 0x4C2FB0F: malloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==10904== by 0x4FB8633: Rf_allocVector3 (memory.c:2766)
==10904== by 0x42C17A: void Rcpp::Vector<14, Rcpp::PreserveStorage>::import_sugar_expression<true, Rcpp::sugar::Pow<14, true, Rcpp::Vector<14, Rcpp::PreserveStorage>, int> >(Rcpp::VectorBase<14, true, Rcpp::sugar::Pow<14, true, Rcpp::Vector<14, Rcpp::PreserveStorage>, int> > const&, Rcpp::traits::integral_constant<bool, false>) (Vector.h:1070)
==10904== by 0x42C021: Rcpp::Vector<14, Rcpp::PreserveStorage>::Vector<true, Rcpp::sugar::Pow<14, true, Rcpp::Vector<14, Rcpp::PreserveStorage>, int> >(Rcpp::VectorBase<14, true, Rcpp::sugar::Pow<14, true, Rcpp::Vector<14, Rcpp::PreserveStorage>, int> > const&) (Vector.h:165)
==10904== by 0x42BCC7: get_VM_C(Rcpp::Vector<14, Rcpp::PreserveStorage>, Rcpp::Vector<14, Rcpp::PreserveStorage>, Rcpp::Vector<14, Rcpp::PreserveStorage>) (get_VM_C.cpp:19)
==10904== by 0x40A690: DeepState_Test_AGread_deepstate_test_get_VM_C_test() (get_VM_C_DeepState_TestHarness.cpp:28)
==10904== by 0x40A348: DeepState_Run_AGread_deepstate_test_get_VM_C_test() (get_VM_C_DeepState_TestHarness.cpp:7)
==10904== by 0x406CD3: DeepState_RunTest.isra.6 (in /home/akhila/Documents/compileAttributescheck/AGread/inst/testfiles/get_VM_C/get_VM_C_DeepState_TestHarness)
==10904== by 0x4153EA: DeepState_FuzzOneTestCase (in /home/akhila/Documents/compileAttributescheck/AGread/inst/testfiles/get_VM_C/get_VM_C_DeepState_TestHarness)
==10904== by 0x4154FF: DeepState_Fuzz (in /home/akhila/Documents/compileAttributescheck/AGread/inst/testfiles/get_VM_C/get_VM_C_DeepState_TestHarness)
==10904== by 0x40781D: main (in /home/akhila/Documents/compileAttributescheck/AGread/inst/testfiles/get_VM_C/get_VM_C_DeepState_TestHarness)
Here the Invalid read of size 8
means the memory that the process is trying to read is unavailable. Here the 8 bytes indicate the size of the memory that the process is trying to access.
The next error trace line showing Address 0xba09720 is 0 bytes after a block of size 624 alloc'd
means that the address starting at the location 0xba09720, 0 bytes are allocated for a block of size 624 bytes.
accelerometry : RcppDeepState found errors in blockaves_i_max(), blockaves_n_max(), blocksums_i_max(), blocksums_n_max(), sedbreaks_flags(), sedbreaks(). The error log has the log trace for all these functions.
Most of the functions have an Invalid read error reported. Whereas the sedbreaks_flags() function has a Conditional jump or move depends on the uninitialized value(s) along with the Invalid read.
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
==10412== Invalid read of size 4
==10412== at 0x4303D5: sedbreaks_flags(Rcpp::Vector<13, Rcpp::PreserveStorage>, Rcpp::Vector<13, Rcpp::PreserveStorage>, int) (sedbreaks_c.cpp:35)
==10412== by 0x409B50: DeepState_Test_accelerometry_deepstate_test_sedbreaks_flags_test() (sedbreaks_flags_DeepState_TestHarness.cpp:28)
==10412== by 0x409818: DeepState_Run_accelerometry_deepstate_test_sedbreaks_flags_test() (sedbreaks_flags_DeepState_TestHarness.cpp:7)
==10412== by 0x406303: DeepState_RunTest.isra.6 (in /home/akhila/Documents/compileAttributescheck/accelerometry/inst/testfiles/sedbreaks_flags/sedbreaks_flags_DeepState_TestHarness)
==10412== by 0x41484A: DeepState_FuzzOneTestCase (in /home/akhila/Documents/compileAttributescheck/accelerometry/inst/testfiles/sedbreaks_flags/sedbreaks_flags_DeepState_TestHarness)
==10412== by 0x41495F: DeepState_Fuzz (in /home/akhila/Documents/compileAttributescheck/accelerometry/inst/testfiles/sedbreaks_flags/sedbreaks_flags_DeepState_TestHarness)
==10412== by 0x406E4D: main (in /home/akhila/Documents/compileAttributescheck/accelerometry/inst/testfiles/sedbreaks_flags/sedbreaks_flags_DeepState_TestHarness)
==10412== Address 0xb964b48 is 0 bytes after a block of size 280 alloc'd
==10412== at 0x4C2FB0F: malloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==10412== by 0x4FB8633: Rf_allocVector3 (memory.c:2766)
==10412== by 0x40CBDD: Rcpp::Vector<13, Rcpp::PreserveStorage>::Vector(int const&) (Vector.h:130)
==10412== by 0x408B54: RcppDeepState_IntegerVector() (RcppDeepState.h:52)
==10412== by 0x409957: DeepState_Test_accelerometry_deepstate_test_sedbreaks_flags_test() (sedbreaks_flags_DeepState_TestHarness.cpp:17)
==10412== by 0x409818: DeepState_Run_accelerometry_deepstate_test_sedbreaks_flags_test() (sedbreaks_flags_DeepState_TestHarness.cpp:7)
==10412== by 0x406303: DeepState_RunTest.isra.6 (in /home/akhila/Documents/compileAttributescheck/accelerometry/inst/testfiles/sedbreaks_flags/sedbreaks_flags_DeepState_TestHarness)
==10412== by 0x41484A: DeepState_FuzzOneTestCase (in /home/akhila/Documents/compileAttributescheck/accelerometry/inst/testfiles/sedbreaks_flags/sedbreaks_flags_DeepState_TestHarness)
==10412== by 0x41495F: DeepState_Fuzz (in /home/akhila/Documents/compileAttributescheck/accelerometry/inst/testfiles/sedbreaks_flags/sedbreaks_flags_DeepState_TestHarness)
==10412== by 0x406E4D: main (in /home/akhila/Documents/compileAttributescheck/accelerometry/inst/testfiles/sedbreaks_flags/sedbreaks_flags_DeepState_TestHarness)
==10412==
==10412== Conditional jump or move depends on uninitialised value(s)
==10412== at 0x430421: sedbreaks_flags(Rcpp::Vector<13, Rcpp::PreserveStorage>, Rcpp::Vector<13, Rcpp::PreserveStorage>, int) (sedbreaks_c.cpp:38)
==10412== by 0x409B50: DeepState_Test_accelerometry_deepstate_test_sedbreaks_flags_test() (sedbreaks_flags_DeepState_TestHarness.cpp:28)
==10412== by 0x409818: DeepState_Run_accelerometry_deepstate_test_sedbreaks_flags_test() (sedbreaks_flags_DeepState_TestHarness.cpp:7)
==10412== by 0x406303: DeepState_RunTest.isra.6 (in /home/akhila/Documents/compileAttributescheck/accelerometry/inst/testfiles/sedbreaks_flags/sedbreaks_flags_DeepState_TestHarness)
==10412== by 0x41484A: DeepState_FuzzOneTestCase (in /home/akhila/Documents/compileAttributescheck/accelerometry/inst/testfiles/sedbreaks_flags/sedbreaks_flags_DeepState_TestHarness)
==10412== by 0x41495F: DeepState_Fuzz (in /home/akhila/Documents/compileAttributescheck/accelerometry/inst/testfiles/sedbreaks_flags/sedbreaks_flags_DeepState_TestHarness)
==10412== by 0x406E4D: main (in /home/akhila/Documents/compileAttributescheck/accelerometry/inst/testfiles/sedbreaks_flags/sedbreaks_flags_DeepState_TestHarness)
==10412== Uninitialised value was created by a heap allocation
==10412== at 0x4C2FB0F: malloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==10412== by 0x4FB8633: Rf_allocVector3 (memory.c:2766)
==10412== by 0x40CBDD: Rcpp::Vector<13, Rcpp::PreserveStorage>::Vector(int const&) (Vector.h:130)
==10412== by 0x408B54: RcppDeepState_IntegerVector() (RcppDeepState.h:52)
==10412== by 0x409957: DeepState_Test_accelerometry_deepstate_test_sedbreaks_flags_test() (sedbreaks_flags_DeepState_TestHarness.cpp:17)
==10412== by 0x409818: DeepState_Run_accelerometry_deepstate_test_sedbreaks_flags_test() (sedbreaks_flags_DeepState_TestHarness.cpp:7)
==10412== by 0x406303: DeepState_RunTest.isra.6 (in /home/akhila/Documents/compileAttributescheck/accelerometry/inst/testfiles/sedbreaks_flags/sedbreaks_flags_DeepState_TestHarness)
==10412== by 0x41484A: DeepState_FuzzOneTestCase (in /home/akhila/Documents/compileAttributescheck/accelerometry/inst/testfiles/sedbreaks_flags/sedbreaks_flags_DeepState_TestHarness)
==10412== by 0x41495F: DeepState_Fuzz (in /home/akhila/Documents/compileAttributescheck/accelerometry/inst/testfiles/sedbreaks_flags/sedbreaks_flags_DeepState_TestHarness)
==10412== by 0x406E4D: main (in /home/akhila/Documents/compileAttributescheck/accelerometry/inst/testfiles/sedbreaks_flags/sedbreaks_flags_DeepState_TestHarness)
We have already discussed the invalid read and conditional jump above. Here Uninitialised value was created by a heap allocation
means that the process is trying to access a heap location whose values are uninitialized and it traces back to line 38 in the function sedbreaks().
ambient : RcppDeepState detected issues in 27 functions in the package ambient. Most of the functions have Invalid read and Conditional jump on uninitialized values. The error logs has the log xtraces for all the functions.
For example consider gen_value3d_c() function which revealed the following issues:
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
==13686== Conditional jump or move depends on uninitialised value(s)
==13686== at 0x41E075: FastFloor(double) (FastNoise.cpp:184)
==13686== by 0x417CB5: FastNoise::SingleValue(unsigned char, double, double, double) const (FastNoise.cpp:639)
==13686== by 0x41E04C: FastNoise::GetValue(double, double, double) const (FastNoise.cpp:633)
==13686== by 0x43C271: gen_value3d_c(Rcpp::Vector<14, Rcpp::PreserveStorage>, Rcpp::Vector<14, Rcpp::PreserveStorage>, Rcpp::Vector<14, Rcpp::PreserveStorage>, double, int, int) (value.cpp:97)
==13686== by 0x40948E: DeepState_Test_ambient_deepstate_test_gen_value3d_c_test() (gen_value3d_c_DeepState_TestHarness.cpp:47)
==13686== by 0x408E18: DeepState_Run_ambient_deepstate_test_gen_value3d_c_test() (gen_value3d_c_DeepState_TestHarness.cpp:7)
==13686== by 0x405F13: DeepState_RunTest.isra.6 (in /home/akhila/Documents/compileAttributescheck/ambient/inst/testfiles/gen_value3d_c/gen_value3d_c_DeepState_TestHarness)
==13686== by 0x41426A: DeepState_FuzzOneTestCase (in /home/akhila/Documents/compileAttributescheck/ambient/inst/testfiles/gen_value3d_c/gen_value3d_c_DeepState_TestHarness)
==13686== by 0x41437F: DeepState_Fuzz (in /home/akhila/Documents/compileAttributescheck/ambient/inst/testfiles/gen_value3d_c/gen_value3d_c_DeepState_TestHarness)
==13686== by 0x406A5D: main (in /home/akhila/Documents/compileAttributescheck/ambient/inst/testfiles/gen_value3d_c/gen_value3d_c_DeepState_TestHarness)
==13686== Uninitialised value was created by a heap allocation
==13686== at 0x4C2FB0F: malloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==13686== by 0x4FB6FEC: GetNewPage (memory.c:924)
==13686== by 0x4FB86FA: Rf_allocVector3 (memory.c:2745)
==13686== by 0x4F587D2: Rf_allocVector (Rinlinedfuns.h:580)
==13686== by 0x4F587D2: mkHandlerEntry (errors.c:1565)
==13686== by 0x4F5D1D4: do_addCondHands (errors.c:1644)
==13686== by 0x4F6FC50: bcEval (eval.c:6765)
==13686== by 0x4F7C9FF: Rf_eval (eval.c:620)
==13686== by 0x4F7E85E: R_execClosure (eval.c:1780)
==13686== by 0x4F7F5A2: Rf_applyClosure (eval.c:1706)
==13686== by 0x4F735A1: bcEval (eval.c:6733)
==13686== by 0x4F7C9FF: Rf_eval (eval.c:620)
==13686== by 0x4F7E85E: R_execClosure (eval.c:1780)
==13686==
==13686== Use of uninitialised value of size 8
==13686== at 0x422AEC: FastNoise::Index3D_256(unsigned char, int, int, int) const (FastNoise.cpp:275)
==13686== by 0x422854: FastNoise::ValCoord3DFast(unsigned char, int, int, int) const (FastNoise.cpp:322)
==13686== by 0x417E4D: FastNoise::SingleValue(unsigned char, double, double, double) const (FastNoise.cpp:665)
==13686== by 0x41E04C: FastNoise::GetValue(double, double, double) const (FastNoise.cpp:633)
==13686== by 0x43C271: gen_value3d_c(Rcpp::Vector<14, Rcpp::PreserveStorage>, Rcpp::Vector<14, Rcpp::PreserveStorage>, Rcpp::Vector<14, Rcpp::PreserveStorage>, double, int, int) (value.cpp:97)
==13686== by 0x40948E: DeepState_Test_ambient_deepstate_test_gen_value3d_c_test() (gen_value3d_c_DeepState_TestHarness.cpp:47)
==13686== by 0x408E18: DeepState_Run_ambient_deepstate_test_gen_value3d_c_test() (gen_value3d_c_DeepState_TestHarness.cpp:7)
==13686== by 0x405F13: DeepState_RunTest.isra.6 (in /home/akhila/Documents/compileAttributescheck/ambient/inst/testfiles/gen_value3d_c/gen_value3d_c_DeepState_TestHarness)
==13686== by 0x41426A: DeepState_FuzzOneTestCase (in /home/akhila/Documents/compileAttributescheck/ambient/inst/testfiles/gen_value3d_c/gen_value3d_c_DeepState_TestHarness)
==13686== by 0x41437F: DeepState_Fuzz (in /home/akhila/Documents/compileAttributescheck/ambient/inst/testfiles/gen_value3d_c/gen_value3d_c_DeepState_TestHarness)
==13686== by 0x406A5D: main (in /home/akhila/Documents/compileAttributescheck/ambient/inst/testfiles/gen_value3d_c/gen_value3d_c_DeepState_TestHarness)
As we see the Valgrind traces show that the program execution has been changed due to the use of uninitialized values. The last trace Use of an uninitialized value of size 8
shows that the size of the memory(8 bytes) the system tried to access and failed.
BAMBI : RcppDeepState detected issues in 21 functions in the package BAMBI.The error logs has the logtraces for all the functions. Most of the errors detected show a Conditional jump or move depends on uninitialised value(s)
For function vmsin_all() has the following error detected:
1
2
3
4
5
6
7
8
9
10
11
12
==13017== Conditional jump or move depends on uninitialised value(s)
==13017== at 0x40ED38: arma::Mat<double>::~Mat() (Mat_meat.hpp:27)
==13017== by 0x40F344: arma::Col<double>::~Col() (arma_forward.hpp:27)
==13017== by 0x40B9F9: DeepState_Test_BAMBI_deepstate_test_log_const_vmcos_all_test() (log_const_vmcos_all_DeepState_TestHarness.cpp:23)
==13017== by 0x40B768: DeepState_Run_BAMBI_deepstate_test_log_const_vmcos_all_test() (log_const_vmcos_all_DeepState_TestHarness.cpp:7)
==13017== by 0x406673: DeepState_RunTest.isra.6 (in /home/akhila/Documents/compileAttributescheck/BAMBI/inst/testfiles/log_const_vmcos_all/log_const_vmcos_all_DeepState_TestHarness)
==13017== by 0x41764A: DeepState_FuzzOneTestCase (in /home/akhila/Documents/compileAttributescheck/BAMBI/inst/testfiles/log_const_vmcos_all/log_const_vmcos_all_DeepState_TestHarness)
==13017== by 0x41775F: DeepState_Fuzz (in /home/akhila/Documents/compileAttributescheck/BAMBI/inst/testfiles/log_const_vmcos_all/log_const_vmcos_all_DeepState_TestHarness)
==13017== by 0x4071BD: main (in /home/akhila/Documents/compileAttributescheck/BAMBI/inst/testfiles/log_const_vmcos_all/log_const_vmcos_all_DeepState_TestHarness)
==13017== Uninitialised value was created by a stack allocation
==13017== at 0x40B782: DeepState_Test_BAMBI_deepstate_test_log_const_vmcos_all_test() (log_const_vmcos_all_DeepState_TestHarness.cpp:8)
The error Uninitialised value was created by a stack allocation
means that the process is trying to use a variable before assigning it. Stack memory is where the local variables and the function calls are stored.
Other packages show similar errors (conditional jump, Invalid read, Invalid write) when tested using RcppDeepState. We have tested almost 111 packages, 268 functions so far.
We performed a Valgrind test on the BalancedSampling::cubestratified() with reasonable inputs from the man page of the respective packages.
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
akolla@snaps-computer:~$ R --vanilla -d valgrind -e "BalancedSampling::cubestratified(rep(5/10,10),cbind(rep(5/10,10)),c(1,1,2,2,3,3,4,4,5,5))"
==1116252== Memcheck, a memory error detector
==1116252== Copyright (C) 2002-2017, and GNU GPL'd, by Julian Seward et al.
==1116252== Using Valgrind-3.15.0 and LibVEX; rerun with -h for copyright info
==1116252== Command: /usr/lib/R/bin/exec/R --vanilla -e BalancedSampling::cubestratified(rep(5/10,10),cbind(rep(5/10,10)),c(1,1,2,2,3,3,4,4,5,5))
==1116252==
> BalancedSampling::cubestratified(rep(5/10,10),cbind(rep(5/10,10)),c(1,1,2,2,3,3,4,4,5,5))
[1] 0 1 1 0 0 1 1 0 0 1
==1116252==
==1116252== HEAP SUMMARY:
==1116252== in use at exit: 50,674,475 bytes in 10,078 blocks
==1116252== total heap usage: 28,151 allocs, 18,073 frees, 86,670,876 bytes allocated
==1116252==
==1116252== LEAK SUMMARY:
==1116252== definitely lost: 0 bytes in 0 blocks
==1116252== indirectly lost: 0 bytes in 0 blocks
==1116252== possibly lost: 0 bytes in 0 blocks
==1116252== still reachable: 50,674,475 bytes in 10,078 blocks
==1116252== of which reachable via heuristic:
==1116252== newarray : 4,264 bytes in 1 blocks
==1116252== suppressed: 0 bytes in 0 blocks
==1116252== Rerun with --leak-check=full to see details of leaked memory
==1116252==
==1116252== For lists of detected and suppressed errors, rerun with: -s
==1116252== ERROR SUMMARY: 0 errors from 0 contexts (suppressed: 0 from 0)
The test shows no errors in the package for those reasonable inputs but when the package is run under RcppDeepState fuzz it detects the following error in the same function.
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
==6688== Memcheck, a memory error detector
==6688== Copyright (C) 2002-2017, and GNU GPL'd, by Julian Seward et al.
==6688== Using Valgrind-3.13.0 and LibVEX; rerun with -h for copyright info
==6688== Command: ./cubestratified_DeepState_TestHarness --fuzz --fuzz_save_passing --output_test_dir /home/akhila/Documents/compileAttributescheck/BalancedSampling/inst/testfiles/cubestratified/cubestratified_output
==6688==
==6688== Invalid read of size 8
==6688== at 0x4FBB8FD: Rf_install (names.c:1230)
==6688== by 0x42FB9F: Rcpp::Function_Impl<Rcpp::PreserveStorage>::get_function(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&, SEXPREC*) (Function.h:110)
==6688== by 0x42ECD3: Rcpp::Function_Impl<Rcpp::PreserveStorage>::Function_Impl(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&) (Function.h:62)
==6688== by 0x4076C0: __cxx_global_var_init.4 (cube.cpp:11)
==6688== by 0x40775C: _GLOBAL__sub_I_cube.cpp (cube.cpp:0)
==6688== by 0x43792C: __libc_csu_init (in /home/akhila/Documents/compileAttributescheck/BalancedSampling/inst/testfiles/cubestratified/cubestratified_DeepState_TestHarness)
==6688== by 0x6049B27: (below main) (libc-start.c:266)
==6688== Address 0x269c8 is not stack'd, malloc'd or (recently) free'd
==6688==
==6688==
==6688== Process terminating with default action of signal 11 (SIGSEGV)
==6688== Access not within mapped region at address 0x269C8
==6688== at 0x4FBB8FD: Rf_install (names.c:1230)
==6688== by 0x42FB9F: Rcpp::Function_Impl<Rcpp::PreserveStorage>::get_function(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&, SEXPREC*) (Function.h:110)
==6688== by 0x42ECD3: Rcpp::Function_Impl<Rcpp::PreserveStorage>::Function_Impl(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&) (Function.h:62)
==6688== by 0x4076C0: __cxx_global_var_init.4 (cube.cpp:11)
==6688== by 0x40775C: _GLOBAL__sub_I_cube.cpp (cube.cpp:0)
==6688== by 0x43792C: __libc_csu_init (in /home/akhila/Documents/compileAttributescheck/BalancedSampling/inst/testfiles/cubestratified/cubestratified_DeepState_TestHarness)
==6688== by 0x6049B27: (below main) (libc-start.c:266)
==6688== If you believe this happened as a result of a stack
==6688== overflow in your program's main thread (unlikely but
==6688== possible), you can try to increase the size of the
==6688== main thread stack using the --main-stacksize= flag.
==6688== The main thread stack size used in this run was 8388608.
==6688==
==6688== HEAP SUMMARY:
==6688== in use at exit: 1,048 bytes in 2 blocks
==6688== total heap usage: 4 allocs, 2 frees, 106,568 bytes allocated
==6688==
==6688== LEAK SUMMARY:
==6688== definitely lost: 0 bytes in 0 blocks
==6688== indirectly lost: 0 bytes in 0 blocks
==6688== possibly lost: 0 bytes in 0 blocks
==6688== still reachable: 1,048 bytes in 2 blocks
==6688== suppressed: 0 bytes in 0 blocks
==6688== Reachable blocks (those to which a pointer was found) are not shown.
==6688== To see them, rerun with: --leak-check=full --show-leak-kinds=all
==6688==
==6688== For counts of detected and suppressed errors, rerun with: -v
==6688== ERROR SUMMARY: 1 errors from 1 contexts (suppressed: 0 from 0)
Segmentation fault (core dumped)
Thanks to Dr.Toby Dylan Hocking for his support on the project. This blog is kindly contributed to R-bloggers.